HomeContent Toolkit Logo

Content Toolkit

Home

>

Tools

>

WordPress

>

Releases

>

3.8.33

WordPress Release: 3.8.33

Tag Name: 3.8.33

Release Date: 4/29/2020

View Release
WordPress LogoWordPress

World's most popular open-source content management system powering over 40% of all websites. Offers extensive plugin ecosystem, themes, and robust community support for blogs, e-commerce, and corporate websites. Highly customizable and scalable platform suitable for beginners and advanced developers.

Open SourceBloggingWebsite Builder

TL;DR

WordPress 3.8.33 is a maintenance and security release that addresses several important bugs and security vulnerabilities in the 3.8 branch. This update fixes issues with post editing, user security, query handling, and file name sanitization. It also includes significant improvements to the testing infrastructure to ensure better code quality and stability. This release is important for all WordPress 3.8 users to maintain site security and functionality.

Highlight of the Release

    • Fixed a regression in post editing that ensures edit_post() properly promotes auto-drafts to drafts
    • Enhanced security by invalidating user activation keys when passwords are updated
    • Improved UTF-8 character support in file name sanitization
    • Fixed query handling to ensure only a single post can be returned on date/time based queries
    • Ensured proper escaping in the cache API stats method

Migration Guide

No specific migration steps are required for this maintenance release. Simply update your WordPress installation to version 3.8.33 through your admin dashboard or by downloading the update from wordpress.org.

As with any WordPress update, it's recommended to:

  1. Back up your website files and database before updating
  2. Test the update on a staging environment if possible
  3. Check for plugin and theme compatibility after updating

Upgrade Recommendations

This update is highly recommended for all sites running WordPress 3.8.x as it contains important security fixes and bug fixes that improve the stability and security of your WordPress installation.

While WordPress 3.8 is no longer receiving active development, this maintenance release addresses specific security concerns that could affect sites still running this version. For optimal security and features, consider upgrading to the latest major WordPress version if your site's plugins and themes are compatible.

Bug Fixes

  • Post Editing: Fixed a regression in the 3.8 branch where edit_post() wasn't properly promoting auto-drafts to drafts (#49485)

  • Query Handling: Resolved an issue to ensure that only a single post can be returned on date/time based queries, preventing potential duplicate content issues

  • Cache API: Fixed escaping issues around the stats method in the cache API to prevent potential security vulnerabilities

  • File Handling: Enhanced sanitize_file_name function to provide better support for UTF-8 characters, improving compatibility with international file names

  • Testing Infrastructure: Fixed intermittent test failures related to microtime comparisons by properly converting microtime output to float values for accurate comparisons (#30336)

New Features

No significant new features were introduced in this maintenance release. WordPress 3.8.33 focuses on bug fixes, security improvements, and enhancing the testing infrastructure to ensure better stability and reliability of the WordPress 3.8 branch.

Security Updates

  • User Authentication: Enhanced security by ensuring that user activation keys are properly invalidated when passwords are updated, preventing potential unauthorized access through stale activation keys

  • Cache API: Fixed proper escaping around the stats method in the cache API to prevent potential security vulnerabilities

  • Query Handling: Improved security in date/time based queries by ensuring only a single post can be returned, preventing potential information disclosure

Performance Improvements

This release includes minor performance improvements through the enhanced cache API handling and better query processing for date/time based queries. The improved handling of queries ensures more efficient database operations, particularly when dealing with time-based content retrieval.

Impact Summary

WordPress 3.8.33 is primarily a security and maintenance release that addresses several important issues in the WordPress 3.8 branch. The most significant impacts include:

  1. Enhanced Security: By fixing user activation key handling and improving escaping in the cache API, this release closes potential security vulnerabilities that could be exploited.

  2. Improved Content Management: The fix for auto-draft promotion ensures content creators won't lose their work due to improper post status transitions.

  3. Better International Support: Enhanced UTF-8 handling in file names improves the experience for users working with non-Latin characters.

  4. More Reliable Queries: The fix for date/time based queries ensures more predictable and accurate content retrieval.

  5. Testing Infrastructure: While not directly visible to end users, the significant improvements to the testing framework help ensure better code quality and stability for the WordPress 3.8 branch.

This release demonstrates WordPress's commitment to maintaining security and stability even for older branches of the software.

Statistics:

File Changed73
Line Additions1,076
Line Deletions1,973
Line Changes3,049
Total Commits8

User Affected:

  • Better security with user activation key invalidation when passwords are updated
  • Improved post editing functionality with auto-drafts properly promoting to drafts
  • Enhanced testing infrastructure for more stable WordPress installations

Contributors:

SergeyBiryukovwhyisjakedesrosj